The personal details of patients at a major Melbourne hospital have been compromised after cybercriminals hacked a staff member’s private email.
The Royal Women’s Hospital in Parkville apologised to 192 patients on Thursday night after an investigation revealed their personal details were potentially stolen by the hackers.
“(We are) very sorry to advise of a recent incident where cybercriminals gained access to the private email account of a staff member,” a hospital spokesman said in a statement.
“We are taking this matter very seriously and apologise sincerely for any distress and inconvenience caused to affected patients.”
It is understood the employee forwarded work emails to their private email account to review and co-ordinate their patient appointments.
The staff member’s private email was later hacked by cybercriminals and some of the patient’s’ personal details may have been accessed.
A forensic investigation was conducted by cyber security experts and the majority of the affected patients were notified on Thursday morning.
The remainder will be notified by registered mail.
In a statement, the hospital assured patients that medical records were not accessed and the hospital’s official email or IT systems were not hacked.
“The Women’s is thoroughly investigating the attack and has put in place actions to ensure that affected patients receive accurate information and adequate support,” the hospital said.
A hotline number has been established for affected patients where they can connect with cyber experts for detailed advice and support as well as free counselling services.
The Royal Women’s Hospital is the latest to suffer the shock attack following an escalation of cybersecurity threats over the past few years.
Several high profile companies, from Pizza Hut to the news outlet The Guardian, have been targeted alongside government agencies.
Last month, the Australian Federal Police (AFP) were revealed to be one of the casualties affected by a cyberattack on a national law firm.
Critical data was stolen from HWL Ebsworth, one of Australia’s largest commercial law firms which has the AFP as a client.
Microsoft’s Cyber Signals report from December last year found parts of the energy grid and essential services such as sewage treatment plants could be hit by cyber attacks, in turn putting lives at risk.